private ExternalUser ApplyPermission(MailboxSession mailboxSession, SmtpAddress smtpAddress, SharingContext context)
{
ExternalUser externalUser = null;
ExternalUser externalUser2;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
externalUser2 = externalUsers.FindReachUserWithOriginalSmtpAddress(smtpAddress);
externalUser = externalUsers.FindFederatedUserWithOriginalSmtpAddress(smtpAddress);
if (externalUser2 == null)
{
externalUser2 = externalUsers.AddReachUser(smtpAddress);
externalUsers.Save();
}
}
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
FreeBusyAccess freeBusy = this.GetFreeBusy(context);
PermissionSecurityPrincipal principal = new PermissionSecurityPrincipal(externalUser2);
PermissionLevel permissionLevel = (context.SharingDetail == SharingContextDetailLevel.FullDetails) ? PermissionLevel.Reviewer : PermissionLevel.None;
current.AddOrChangePermission(principal, permissionLevel, new FreeBusyAccess?(freeBusy));
if (externalUser != null)
{
current.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
return(externalUser2);
}
private static string GetExternalIdentity(ExternalClientContext externalClientContext, MailboxSession session)
{
FreeBusyPermission.SecurityTracer.TraceDebug <object, ExternalClientContext, IExchangePrincipal>(0L, "{0}: searching for external identity for caller {1} in mailbox {2}", TraceContext.Get(), externalClientContext, session.MailboxOwner);
Stopwatch stopwatch = Stopwatch.StartNew();
try
{
PersonalClientContext personalClientContext = externalClientContext as PersonalClientContext;
if (personalClientContext != null)
{
using (ExternalUserCollection externalUsers = session.GetExternalUsers())
{
ExternalUser externalUser = externalUsers.FindExternalUser(personalClientContext.ExternalId.ToString());
if (externalUser != null)
{
string text = externalUser.Sid.ToString();
FreeBusyPermission.SecurityTracer.TraceDebug <object, string>(0L, "{0}: found personal client context from external identity: {1}", TraceContext.Get(), text);
return(text);
}
}
}
}
finally
{
stopwatch.Stop();
PerformanceCounters.AverageExternalAuthenticationIdentityMappingTime.IncrementBy(stopwatch.ElapsedTicks);
PerformanceCounters.AverageExternalAuthenticationIdentityMappingTimeBase.Increment();
}
return(null);
}
private ExternalUserCollection GetExternalUsers(StoreSession session)
{
MailboxSession mailboxSession = session as MailboxSession;
if (this.externalUsers == null && mailboxSession != null)
{
this.externalUsers = mailboxSession.GetExternalUsers();
}
return(this.externalUsers);
}
protected override void InternalPerformRevocation(MailboxSession mailboxSession, SharingContext context)
{
using (FolderPermissionContext current = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PermissionSecurityPrincipal permissionSecurityPrincipal = this.CreatePermissionSecurityPrincipal(context.InitiatorSmtpAddress, externalUsers);
if (permissionSecurityPrincipal != null)
{
current.RemovePermission(permissionSecurityPrincipal);
}
}
}
}
internal static ExternalIdentityToken GetExternalIdentityToken(MailboxSession session, SmtpAddress externalId)
{
if (session != null && session.Capabilities.CanHaveExternalUsers)
{
using (ExternalUserCollection externalUsers = session.GetExternalUsers())
{
ExternalUser externalUser = externalUsers.FindExternalUser(externalId.ToString());
if (externalUser != null)
{
return(new ExternalIdentityToken(externalUser.Sid));
}
ExternalIdentityToken.Tracer.TraceError <SmtpAddress, IExchangePrincipal>(0L, "{0}: Unable to find the requester in the external user collection in mailbox {1}.", externalId, session.MailboxOwner);
}
}
return(null);
}
internal void EnsureExternalUser(MailboxSession mailboxSession)
{
if (this.UserType != MailboxFolderUserId.MailboxFolderUserType.External)
{
throw new InvalidOperationException("Only support External user type.");
}
if (this.externalUser != null)
{
return;
}
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
ExternalUser externalUser = externalUsers.FindExternalUser(this.smtpAddress);
if (externalUser == null)
{
throw new InvalidExternalUserIdException(this.smtpAddress.ToString());
}
this.externalUser = externalUser;
}
}
public static byte[] BuildAclTableBlob(StoreSession session, RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor)
{
IRecipientSession adrecipientSession = session.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid);
ExternalUserCollection externalUserCollectionToDispose = null;
bool flag;
string canonicalErrorInformation;
List <AclTableEntry> source;
try
{
source = AclModifyTable.BuildAclTableFromSecurityDescriptor(securityDescriptor, freeBusySecurityDescriptor, new LazilyInitialized <ExternalUserCollection>(delegate()
{
MailboxSession mailboxSession = session as MailboxSession;
externalUserCollectionToDispose = ((mailboxSession != null) ? mailboxSession.GetExternalUsers() : null);
return(externalUserCollectionToDispose);
}), adrecipientSession, new AclTableIdMap(), out flag, out canonicalErrorInformation);
}
finally
{
Util.DisposeIfPresent(externalUserCollectionToDispose);
}
if (!flag)
{
ExTraceGlobals.StorageTracer.TraceError(0L, "Cannot build blob ACL table blob with non-canonical SD");
throw new NonCanonicalACLException(canonicalErrorInformation);
}
FolderSecurity.AclTableAndSecurityDescriptorProperty aclTableAndSD = new FolderSecurity.AclTableAndSecurityDescriptorProperty(new ArraySegment <byte>(AclModifyTable.SerializeTableEntries(source)), source.ToDictionary((AclTableEntry tableEntry) => tableEntry.SecurityIdentifier, delegate(AclTableEntry tableEntry)
{
if (!tableEntry.IsGroup)
{
return(FolderSecurity.SecurityIdentifierType.User);
}
return(FolderSecurity.SecurityIdentifierType.Group);
}), SecurityDescriptor.FromRawSecurityDescriptor(securityDescriptor), SecurityDescriptor.FromRawSecurityDescriptor(freeBusySecurityDescriptor));
return(AclModifyTable.SerializeAclTableAndSecurityDecscriptor(aclTableAndSD));
}
internal ExternalUser TryGetExternalUser(byte[] memberEntryId, ref ExternalUserCollection externalUsers)
{
if (memberEntryId != null)
{
MailboxSession mailboxSession = this.Session as MailboxSession;
if (externalUsers == null && mailboxSession != null)
{
externalUsers = mailboxSession.GetExternalUsers();
}
if (externalUsers != null)
{
try
{
byte[] binaryForm = null;
StoreSession session = this.Session;
bool flag = false;
try
{
if (session != null)
{
session.BeginMapiCall();
session.BeginServerHealthCall();
flag = true;
}
if (StorageGlobals.MapiTestHookBeforeCall != null)
{
StorageGlobals.MapiTestHookBeforeCall(MethodBase.GetCurrentMethod());
}
binaryForm = MapiStore.GetLocalDirectorySIDFromAddressBookEntryId(memberEntryId);
}
catch (MapiPermanentException ex)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex, session, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("ACL table has invalid entry id.", new object[0]),
ex
});
}
catch (MapiRetryableException ex2)
{
throw StorageGlobals.TranslateMapiException(ServerStrings.InvalidPermissionsEntry, ex2, session, this, "{0}. MapiException = {1}.", new object[]
{
string.Format("ACL table has invalid entry id.", new object[0]),
ex2
});
}
finally
{
try
{
if (session != null)
{
session.EndMapiCall();
if (flag)
{
session.EndServerHealthCall();
}
}
}
finally
{
if (StorageGlobals.MapiTestHookAfterCall != null)
{
StorageGlobals.MapiTestHookAfterCall(MethodBase.GetCurrentMethod());
}
}
}
SecurityIdentifier sid = new SecurityIdentifier(binaryForm, 0);
return(externalUsers.FindExternalUser(sid));
}
catch (ObjectNotFoundException)
{
}
}
}
return(null);
}
protected override PerformInvitationResults InternalPerformInvitation(MailboxSession mailboxSession, SharingContext context, ValidRecipient[] recipients, IFrontEndLocator frontEndLocator)
{
ExternalAuthentication current = ExternalAuthentication.GetCurrent();
if (!current.Enabled)
{
ExTraceGlobals.SharingTracer.TraceError <string>((long)this.GetHashCode(), "{0}: The organization is not federated for external sharing.", context.InitiatorSmtpAddress);
return(new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), new OrganizationNotFederatedException())));
}
SharedFolderDataEncryption sharedFolderDataEncryption = new SharedFolderDataEncryption(current);
string text = StoreId.StoreIdToEwsId(mailboxSession.MailboxOwner.MailboxInfo.MailboxGuid, context.FolderId);
PerformInvitationResults result;
using (ExternalUserCollection externalUsers = mailboxSession.GetExternalUsers())
{
PerformInvitationResults performInvitationResults = null;
EncryptionResults encryptionResults = null;
Exception ex = null;
try
{
encryptionResults = sharedFolderDataEncryption.Encrypt(mailboxSession.MailboxOwner, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid), externalUsers, recipients, context.InitiatorSmtpAddress, context.FolderClass, text, frontEndLocator);
}
catch (UserWithoutFederatedProxyAddressException ex2)
{
ex = ex2;
}
catch (InvalidFederatedOrganizationIdException ex3)
{
ex = ex3;
}
catch (StoragePermanentException ex4)
{
ex = ex4;
}
if (ex != null)
{
ExTraceGlobals.SharingTracer.TraceError <string, Exception>((long)this.GetHashCode(), "{0}: Error occurred when trying to encrypt. Exception = {1}", context.InitiatorSmtpAddress, ex);
result = new PerformInvitationResults(new InvalidSharingRecipientsException(ValidRecipient.ConvertToStringArray(recipients), ex));
}
else
{
if (encryptionResults.InvalidRecipients != null && encryptionResults.InvalidRecipients.Length > 0)
{
InvalidSharingRecipientsException exception = new InvalidSharingRecipientsException(encryptionResults.InvalidRecipients);
if (encryptionResults.InvalidRecipients.Length == recipients.Length)
{
return(new PerformInvitationResults(exception));
}
performInvitationResults = new PerformInvitationResults(recipients, exception);
recipients = performInvitationResults.SucceededRecipients;
}
else
{
performInvitationResults = new PerformInvitationResults(recipients);
}
PermissionLevel permissionLevel = this.GetPermissionLevel(context);
FreeBusyAccess? freeBusy = this.GetFreeBusy(context);
using (FolderPermissionContext current2 = FolderPermissionContext.GetCurrent(mailboxSession, context))
{
foreach (ValidRecipient validRecipient in recipients)
{
PermissionSecurityPrincipal principal = this.CreatePermissionSecurityPrincipal(validRecipient.SmtpAddress, externalUsers);
current2.AddOrChangePermission(principal, permissionLevel, freeBusy);
ExternalUser externalUser = externalUsers.FindReachUserWithOriginalSmtpAddress(new SmtpAddress(validRecipient.SmtpAddress));
if (externalUser != null)
{
current2.RemovePermission(new PermissionSecurityPrincipal(externalUser));
}
}
}
context.FolderEwsId = text;
context.EncryptedSharedFolderDataCollection = encryptionResults.EncryptedSharedFolderDataCollection;
result = performInvitationResults;
}
}
return(result);
}
